ProxySG & Advanced Secure Gateway

Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure

channel."

At line:1 char:1

+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : WebException

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check

the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:95

+ ... nstall.ps1')); choco upgrade -y python visualstudio2017-workload-vctools; Read-H ...

+                    ~~~~~

    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Type ENTER to exit:
------------------------------------------------

The error you are getting from your script is "Could not create SSL/TLS secure channel". I would take a packet capture of this behavior, using a filter that would capture both the Client - Proxy connection, and the Proxy - Server connection, and look at where in the TLS handshake things are failing.

If you are getting a RST immediately after sending the Client Hello, I would recommend making sure that at least one of these listed ciphers are in the Client Hello. If your client is sending a RST after receiving the server certificate, then I would inspect the certificate. It could be that you are SSL decrypting traffic on the ProxySG, and PowerShell doesn't trust the ProxySG certificate. If that is the case, you will need to add the ProxySG certificate to the trusted root store in MMC on your computer.

It could be other things as well, but that would be where I would start.

Thanks!

Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure

channel."

At line:1 char:1

+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : WebException

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check

the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:95

+ ... nstall.ps1')); choco upgrade -y python visualstudio2017-workload-vctools; Read-H ...

+                    ~~~~~

    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Type ENTER to exit:
------------------------------------------------

The error you are getting from your script is "Could not create SSL/TLS secure channel". I would take a packet capture of this behavior, using a filter that would capture both the Client - Proxy connection, and the Proxy - Server connection, and look at where in the TLS handshake things are failing.

If you are getting a RST immediately after sending the Client Hello, I would recommend making sure that at least one of these listed ciphers are in the Client Hello. If your client is sending a RST after receiving the server certificate, then I would inspect the certificate. It could be that you are SSL decrypting traffic on the ProxySG, and PowerShell doesn't trust the ProxySG certificate. If that is the case, you will need to add the ProxySG certificate to the trusted root store in MMC on your computer.

It could be other things as well, but that would be where I would start.

Thanks!

Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure

channel."

At line:1 char:1

+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : WebException

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check

the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:95

+ ... nstall.ps1')); choco upgrade -y python visualstudio2017-workload-vctools; Read-H ...

+                    ~~~~~

    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Type ENTER to exit:
------------------------------------------------

Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure

channel."

At line:1 char:1

+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : WebException

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check

the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:95

+ ... nstall.ps1')); choco upgrade -y python visualstudio2017-workload-vctools; Read-H ...

+                    ~~~~~

    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Type ENTER to exit:
------------------------------------------------

Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure

channel."

At line:1 char:1

+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : WebException

choco : The term 'choco' is not recognized as the name of a cmdlet, function, script file, or operable program. Check

the spelling of the name, or if a path was included, verify that the path is correct and try again.

At line:1 char:95

+ ... nstall.ps1')); choco upgrade -y python visualstudio2017-workload-vctools; Read-H ...

+                    ~~~~~

    + CategoryInfo          : ObjectNotFound: (choco:String) [], CommandNotFoundException

    + FullyQualifiedErrorId : CommandNotFoundException

Type ENTER to exit:
------------------------------------------------